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DETAILED ACTION 
Continued Examination Under 37 CFR 1.114 

1 . A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1 .17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 
05/13/2005 has been entered. 

2. The text of those sections of Title 35,U.S.Code not included in this section can be 
found in the prior office action. 

3. The prior office actions are incorporated herein by reference. In particular, the 
observations with respect to claim language, and response to previously presented 
arguments. 

4. New claims 25-36 have been added. 

5. Claims 1-53 have been considered. 

Response to Arguments 

6. Applicant's arguments filed 05/1 3/2005 have been fully considered but they are 
not persuasive. 

• In response to applicant's argument that the references fail to show certain 

features of applicant's invention, it is noted that the features upon which applicant 
relies (i.e, " wherein data is stored where it is generated (data access system) for 
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sharing with other third party data access system upon approval by the patient- 
subscriber",page 10 and 1 1 of the Applicant's response ), examiner refers 
applicant to the following remarks: 

A recitation directed to the manner in which a claimed apparatus/methods is 
intended to be used does not distinguish the claimed apparatus/methods from the prior 
art if prior art has the capability to do so perform (See MPEP 21 14 and Ex Parte 
Masham, 2 USPQ2d 1647 (1987)). The prior art is replete with references disclosing 
storing information (sensitive, encrypted or otherwise normal data, medical data, etc.). 
therefore the location where data is stored for access by any entity in a network 
environment is a design choice and not an inventive steps over the prior art. 

• In response to applicant's argument that the references fail to show certain 

features of applicant's invention, it is noted that the features upon which applicant 

relies (i.e, " storing the data only once", "not accessible to the owner of the 

rights", page 12-14 of the Applicant's response ), examiner refers applicant to the 

following remarks: 

A recitation directed to the manner in which a claimed apparatus/methods is 
intended to be used does not distinguish the claimed apparatus/methods from the 
prior art if prior art has the capability to do so perform (See MPEP 21 1 4 and Ex 
Parte Masham, 2 USPQ2d 1647 (1987)). The prior art is replete with references 
disclosing storing information (sensitive, encrypted or otherwise normal data, 
medical data, etc.), therefore the number of times and where data is stored for 
access by any entity in a network environment is a design choice and not an 
inventive steps over the prior art. Further more the prior art disclose access by 
authorized entity (see page 3, line 20 Shultz), therefore giving access to an 
authorized entity or denying access to an entity (such as owner right) is a design 
choice and not an inventive steps over prior art. Also giving access by whom to who 
is well known in the prior art (As an example: such as administrator authority 
distributing access levels and authorities of the entities within a network systems in 
windows NT, Novell, Unix operating systems). 
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Claim Rejections - 35 USC § 103 

7. Claims 1-36 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Shultz et al (WO 98/15910) in view of Carter (5787175). 

With respect to Claims 1 and 25, Shultz et al meets the limitation of the method for 
secured access to data in a network including an information center and a plurality of 
data area access systems in which permission to store said data and to define at the 
information center, access rights of third parties to said data is limited to the owner 
of rights to said data" on page 3, lines 1-9, 26-30; and in each case storing the data 
only once in one of said data area access systems not accessible to the owner of 
the rights" on page 2, lines 28-30, page 3, lines 1, 12-14; and registering the 
presence of data of a certain type in each data area access system at said 
information center, followed by the owner of the rights to the stored data should he 
wish, defining access rights of third parties to said data at said information center" is 
met on page 2, lines 28-30 and page 3, lines 26-28,. and (transmitting a list of the 
data present of a certain type, specifying the data area access system storing said 
data, and said information center to a requesting data area access system" is met 
inherently by page 5, lines 3-5., and on page 4, lines 18-25,. and "directly 
transmitting said data of said certain type by said data area access system storing 
said data to said requesting data area access system subject to said data area 
access system storing said data having received a confirmation from said 
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information center" on page 3, lines 20-23 and 26-30 and on page 4, lines 1-4. The 
password and WWW address verification inherently discloses a confirmation signal 
being sent from the information center. This is because the information center 
verifies the password and address and must send a signal to communicate a 
successful verification to the data access system. Schultz however does not meets 
the limitation disclosed below. 

The limitation of the access rights of said requesting data area access system 
correspond to the access rights defined at said information center for said data" is 
met by Carter on column 3, lines 31-42. 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to combine the teachings of Carter within the system of Schultz because 
an access list that is modifiable by the user can help the user prevent someone who 
already had previous access from gaining future access to his medical record. This 
hence gives the user more control over who he/she wants to view his/her medical 
records. 

With respect to Claim 2, the limitation of "wherein an authorization of the storage of 
data and of the definition of the access rights of third parties to the data takes place 
by means of an identity check of the owner of the rights to the data" is met by Shultz 
et al on page 44, lines 19-30 and page 45, lines 1-7. The password authentication is 
the identity check for the user. 
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With respect to Claim 3, the limitation of "wherein data to be stored are stored in 
said data area access system with an electronic form which contains the type of the 
data" is met by Shultz et al on page 44, lines 15-19. 

With respect to Claims 4, the limitation of "wherein a data area access system 
storing data responds to a request for certain data of a certain type by a requesting 
data area access system by verifying the access rights through an inquiry to the 
information center as to whether the requesting data area access system has 
access rights to the certain data of a certain type" is met by Shultz et al on page 4, 
lines 28-30 and on page 5, line 1 . The technician's password verifies his unique 
access rights to the information center. 

With respect to Claim 5, the limitation of "wherein a data area access system 
receiving certain data of a certain type allows access to the received data only 
directly after a respective reception of said data" is met by Shultz et al on page 3, 
lines 29-30 and on Fig. 4. Access is allowed to the user as her/his password and a 
distinctive address are verified. 

With respect to Claim 6, the limitation of "wherein a data area access system 
storing certain data of a certain type grants access to the certain data of a certain 
type only if a positive verification has taken place through an inquiry to the 
information center as to whether said data area access system storing said certain 
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data of a certain type can show access rights for said certain data of a certain type" 
is met by Shultz et al on page 4, lines 28-30. The password and address form the 
certain data that show access rights for the data to be accessed. The technician has 
a different password from the physicians and hence a different access right applies 
to him than for any other worker. 

With respect to Claim 7, the limitation of "wherein the information center if notified 
by a data area access system having new data about the presence of new data of a 
certain type, whereupon said information center sends a notifying confirmation to the 
data area access system" is met by Shultz et al on page 4, lines 18-25. The 
subscriber or physician can update the patient's records. 

With respect to Claim 8, the limitation of "wherein said data are identified on the 
basis of an identification which is allocated as a unique identification by said 
information center and is transmitted by said information center after a registration of 
new data to the data area access system storing said data, in order for said system 
to append the respective identification to the respective data" is met by Shultz et al 
on Fig. 3B. The network address is the identification sent to the user registers. 

With respect to Claim 9, the limitation of "wherein an inquiry for data of a certain 
type by a data area access system, said information center prepares a list of all the 
data present of this certain type before it verifies the access rights to the data of the 
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certain type, in order to transmit the list of data present of this certain type, 
specifying the data area access system respectively storing these data, to the 
requesting data area access system for which the requesting data area access 
system can show said access rights" is met by Shultz et al on page 42, lines 12- 
25, and page 44, lines 1-4. 

With respect to Claim 10, the limitation of "wherein when data access is desired by 
a data area access system to data of a certain type, firstly a request for such data of 
the certain type is sent to the information center" is met by Shultz et al on page 42, 
lines 12-15. 

With respect to Claim 11, the limitation of "wherein when data transmission is 
desired from a data area access system storing data to a requesting data area 
access system, firstly a request for certain data of a certain type is sent by the latter 
system to the data area access system storing these pertain data of a certain type" 
is met by Shultz et al on page 42, lines 12-15. 

With respect to Claim 12, the limitation of "wherein the data in a data area access 
system are stored in a secure data memory no direct access being possible to the 
data stored therein" is met by Shultz et al on page 1 1 , lines 8-23. 
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With respect to Claim 13, the limitation of "wherein the type of the data is 
determined by their content and/or the owner of the rights to the data" is met by 
Shultz et al on page 3, lines 26-30. 

With respect to Claim 14, all the limitation is met by Shultz et al except the 
limitation disclosed below. 

The limitation of "wherein the access rights to stored data can be defined by the 
owner of the rights to the data at any point in time after their registration at the 
information center and, after that, can be changed again as desired by a re-definition 
by the owner of the rights to the data" is met by Carter on column 3, lines 31-42. 
It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to combine the teachings of Carter within the system of Schultz because 
this allows the user more control over who can view his information. He can use this 
control to prevent a physician who already had access in the past from having 
access in the future due to personal reasons. 

With respect to Claim 15, the limitation of "wherein the access rights to stored data 
can be granted by the owner of the rights to the data when they are stored in a data 
area access system" is met by Shultz on page 4, lines 14-17. The user sharing his 
password with any medical establishment of his choice achieves this. 
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With respect to Claim 16, the limitation of "wherein communication between a data 
area access system and the information center or another data area access system 
takes place in encrypted form" is obvious because encryption is a well known 
method of making data undecipherable to a common eye. The examiner takes 
official notice on the encryption of a patient's medical records because by law, a 
user's medical records cannot be sent out in clear, because this is confidential/secret 
information. Hence this will necessitate encryption, by law. 

With respect to Claim 21, the limitation of "wherein a participant accessing the 
network must authorize himself and his identity is verified by the information center" 
is met by Shultz on page 44, lines 19-30 and on page 45, lines 1-7. The password 
and authentication reveals this. 

With respect to Claim 23, the limitation of "wherein the permission for storing the 
data is given by the owner of the rights to the data at the latest when the data are 
registered at the information center, said information center not allowing any 
subsequent data access to these data without correct authorization" is met by Shultz 
on page 44, line's 19-30 and on page 45, lines 1-7 and on Fig. 3A and 4. 

As per claims 26-36, the limitations are similar to the claims 3-14 and rejected as 
above claims. 
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8. Claims 17-20 and 22 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Schultz et al (WO 98/15910) in view of Carter (5787175) in further view of Chen et 
al (5694471). 

With respect to Claim 17, all the limitation is met by the combination of Schultz et 
al and Carter except for the limitation disclosed below. 

The limitation of "wherein the sender provides the information sent by him with a 
digital signature by means of a secret signature code, whereby the recipient can 
verify the sent information by means of an associated public signature code" is met 
by Chen on column 2, lines 9-39. 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to combine the teachings of Chen within the combination of Shultz et al 
and Carter because a digital signature is a commonly used, well-known method for 
authenticating the sender of an information, and hence validate the sender's integrity 
to the receiver. 

With respect to Claim 18, all the limitation is met by the combination of Schultz et 
al and Carter except for the limitation disclosed below. 

The limitation of "wherein the sender encodes all transmitted data by means of a 
public encryption code issued by the recipient, whereby only the recipient can 
decode the transmitted data by means of a secret encryption code" is met Chen on 
column 1, lines 40-51. 
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It would have been obvious .to one of ordinary skill in the art at the time the invention 
was made to combine the teachings of Chen within the combination of Schultz et al 
and Carter because public key encryption is a well-known means for encrypting 
data, whereby either side has a different encryption key. Public key encryption is 
utilized by RSA, a well-known encryption scheme. 

With respect to Claim 19, all the limitation is met by the combination of Schultz et 
al and Carter except for the limitation disclosed below. 

Chen meets the limitation of "wherein not only each data area access system and 
the information center but also each participant has a secret signature code and a 
secret encryption code and a public signature code and a public encryption code" on 
column 1 lines 40-51 and on column 1 , lines 6-22. The public signature code is 
obvious from the private signature code because it will be needed to decrypt the 
encrypted signature. 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to combine the teachings of Chen within combination of Shultz et al and 
Carter because of the reasons stated above for Claims 1 7 and 1 8. 

With respect to Claim 20, all the limitation is met by the combination of Schultz et 
al and Carter except for the limitation disclosed below. 
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The limitation of "wherein the secret signature codes and encryption codes and/or 
public signature codes and encryption codes of a participant are stored on a data 
carrier, such as a smart card" is met by Chen on column 3, lines 52-62. 
It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to combine the teachings of Chen within the combination of Shultz et al 
and Carter because of the reasons stated above for Claims 17 and 18. 

With respect to Claim 22, all the limitation is met by the combination of Schultz et 
al and Carter except for the limitation disclosed below. 

The limitation of "wherein the identity of a participant is stored on a data carrier such 
as a . smart card" is met by Chen on column 2, lines 9-15. 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to combine the teachings of Chen within the combination of Schultz et al 
and Carter because this would lead to a quicker user authentication since the 
information center need not be contacted to authenticate the user, but simply by 
authenticating the user by insertion of a smart card to a reader/terminal. 


9. Claim 24 is rejected under 35 U.S.C. 103(a) as being unpatentable over Schultz 
et al (W098/1 591 0) in view of Carter (5787 1 75) in further view of Auerbach et al 
(5673316). 
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With respect to Claim 24, all the limitation is met by the combination of Schultz et 
al and Carter except the limitation of an electronic watermark used for 
authentication. 

This is met by Auerbach et al on column 4, lines 40-42. 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to combine the teachings of Auerbach et al within the combination of 
Schultz et al and Carter because watermarking is a well-known method of copy 
protection. 

Conclusion 

10. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Kambiz Zand whose telephone number is (571 ) 272- 
381 1 . The examiner can normally reached on Monday-Thursday (8:00-5:00). If attempts 
to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Gilberto Barron can be reached on (571 ) 272-3799. The fax phone numbers for the 
organization where this application or proceeding is assigned as (571) 273-8300. 
Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
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have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). 



Kambiz Zand 
08/03/2005 


